forms-authentication

问题 For context, I have a forms authentication timeout value set in my web.config, and am using ASP.NET MVC 1. I think it might be easiest to state my problem as 2 use cases -- the first one what happens without an authentication timeout, and the second one what happens with an authentication timeout: Normal case: The user logs into the app, and the authentication timer starts ticking. While the authentication period is still valid, the user clicks something on the page that triggers an AJAX call

问题 When you use ASP.NET forms authentication, and you want to surf to a secure page like securepage.aspx , you would be redirected to this URL: http://www.example.com/login.aspx?returnurl=securepage.aspx` Is there a way to get the absolute URL in login page, like: http://www.example.com/login.aspx?returnurl=http://www.example.com/securepage.aspx I need this feature, because I'm working on a rather complicated SSO project, and I need to always work with absolute URLs. 回答1: try this <httpRuntime

问题 With Forms Authentication when the app needs to redirect to sign-in page is there an event or any extensibility point that will let me do additional work to the request before it redirects to the sign-in page? I would like to send additional information in the query string that could vary such that it wouldn't work to just statically embed that in the link in the loginUrl node in the web.config. Edit: For clarification, I want to intercept the request prior to being redirected TO the login

问题 I'm learning MVC4 right now, and I am following the Pro ASP NET MVC4 4th edition book to create a Sports Store project. I have always developed in webforms, and I am trying to figure out how the forms authentication is working in MVC4. Here is what I have achieved: Web.Config <authentication mode="Forms"> <forms loginUrl="~/Account/Login" timeout="2880"/> </authentication> AccountController login Action: [HttpPost] public ActionResult Login(LoginViewModel model, string returnUrl) { if

问题 I have the following ntier app: MVC > Services > Repository > Domain. I am using Forms authentication. Is it safe to use Thread.CurrentPrincipal outside of my MVC layer to get the currently logged in user of my application or should I be using HttpContext.Current.User? The reason I ask is there seems to be some issues around Thread.CurrentPrincipal, but I am cautious to add a reference to System.Web outside of my MVC layer in case I need to provide a non web font end in the future. Update I

问题 I have a control that i've written that has a javascript component and a web service component. The problem i'm having is that the javascript is set to do: setInterval(this._checkAlertsHandler, this._messageCheckInterval * 1000); This calls a function which makes a webservice call like so: Alert.SiteAlertService.GetAlerts(this._receivedAlertsHandler, this._errorReceivedAlertsHandler); So this is using the web service javascript proxy methods to access the web service. The issue is that our

问题 I have a simple problem which is giving me headaches for a couple of days. I've created very simple application with login control. I keep user data in web.config file: <authentication mode="Forms"> <forms name=".RzeskoLoginCookie"> <credentials passwordFormat="Clear"> <user name="test" password="test"/> </credentials> </forms> </authentication> I will deploy this simple website to IIS on computer on which I do not want to use SQL Server. My login button event looks like this: protected void

问题 Is there a way to programmatically add Form based Authentication as per below? I am using my own LdapLoginModule . Initially I use Basic Authentication and it worked OK, but now I want more control on the Login page (like display logo, etc) Is there any good samples? I am using embedded jetty v8.1.7 . I don't use any web.xml for embedded jetty. The jetty server is started programmatically. <login-config> <auth-method>FORM</auth-method> <realm-name>Test JAAS Realm</realm-name> <form-login

问题 I have written a custom AuthorizeAttribute which has the following condition in asp.net mvc3 application: public override void OnAuthorization(AuthorizationContext filterContext) { //auth failed, redirect to Sign In if (!filterContext.HttpContext.User.Identity.IsAuthenticated) { filterContext.Result = new HttpUnauthorizedResult(); } } And in my web.config, i have: <authentication mode="Forms"> <forms loginUrl="~/User/SignIn" timeout="2880" /> </authentication> On authentication fail, it

问题 Here is My Code To Log In var expire = DateTime.Now.AddDays(7); // Create a new ticket used for authentication var ticket = new FormsAuthenticationTicket( 1, // Ticket version username, // Username to be associated with this ticket DateTime.Now, // Date/time issued expire, // Date/time to expire true, // "true" for a persistent user cookie (could be a checkbox on form) roles, // User-data (the roles from this user record in our database) FormsAuthentication.FormsCookiePath); // Path cookie is